Hello all,
A fairly long time amateur user using Traefik to do TLS termination for local services.
I have recently added SmokePing to the mix, and am having an issue where the ping metrics are no longer gathered for the specific targets.
I initially spun up the SmokePing container, following the LinuxServerIO documention, as a standalone to prove correct operation. Only once behind traefik does the issue appear. I have several services that run behind it without issue. Below is a ping trace out to Cloudflare, starting when I created the container, and stopping when adding Traefik to the mix. The logs and the graphs show packet loss. The container itself can ping out and resolve DNS without issue.
It should be noted that DNS traces, using Dig, work fine and have continued to do so. See below.
My question; is there a configuration option that could cause this? I have been scouring the documentation and other users configs, but haven't figured anything out so far. Help, guidance or discussion welcomed. Docker Compose and configs quoted below. Thanks!
Traefik Compose
version: "2.1"
services:
traefik:
image: traefik:latest
container_name: traefik
restart: always
security_opt:
- no-new-privileges:true
networks:
- proxy
dns: dns_ip
ports:
- 80:80
- 443:443
environment:
- GANDIV5_API_KEY=key
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /storage/traefik/traefik.yml:/traefik.yml:ro
- /storage/traefik/acme.json:/acme.json
labels:
- traefik.enable=true
- traefik.http.routers.traefik.entrypoints=http
- traefik.http.routers.traefik.rule=Host(`traefik.tld`)
- traefik.http.middlewares.traefik-auth.basicauth.users=auth
- traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.routers.traefik.middlewares=traefik-https-redirect
- traefik.http.routers.traefik-secure.entrypoints=https
- traefik.http.routers.traefik-secure.rule=Host(`traefik.tld`)
- traefik.http.routers.traefik-secure.middlewares=traefik-auth
- traefik.http.routers.traefik-secure.tls=true
- traefik.http.routers.traefik-secure.tls.certresolver=letsencrypt
- traefik.http.routers.traefik-secure.tls.domains[0].main=tld
- traefik.http.routers.traefik-secure.tls.domains[0].sans=*.tld
- traefik.http.routers.traefik-secure.service=api@internal
networks:
proxy:
external: true
traefik.yml
api:
dashboard: true
debug: true
entryPoints:
http:
address: :80
http:
redirections:
entryPoint:
to: https
scheme: https
https:
address: :443
ping: {}
serversTransport:
insecureSkipVerify: true
providers:
docker:
endpoint: unix:///var/run/docker.sock
exposedByDefault: false
# file:
# filename: /config.yml
certificatesResolvers:
letsencrypt:
acme:
email: email
storage: /acme.json
dnsChallenge:
provider: gandiv5
SmokePing Compose
services:
smokeping:
container_name: smokeping
image: lscr.io/linuxserver/smokeping:latest
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
environment:
- TZ=Etc/UTC
hostname: hostname
dns: dns_ip
volumes:
- /storage/smokeping/config:/config
- /storage/smokeping/data:/data
labels:
- traefik.enable=true
- traefik.http.routers.smokeping.entrypoints=https
- traefik.http.routers.smokeping.rule=Host(`smokeping.tld`)
- traefik.http.routers.smokeping.tls=true
networks:
proxy:
external: true